---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:13.0.1
        imagePullPolicy: IfNotPresent
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-credentials
              key: user-password
        - name: DB_VENDOR
          value: postgres
        - name: DB_ADDR
          value: base-pgbouncer.pgo.svc
        - name: DB_PORT
          value: '5432'
        - name: DB_DATABASE
          value: keycloak
        - name: DB_USER
          value: keycloak
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-credentials
              key: db-password
        - name: PROXY_ADDRESS_FORWARDING
          value: 'true'
        - name: JAVA_OPTS
          value: >-
            -server -Xms1024m -Xmx2048m -XX:MetaspaceSize=192M
            -XX:MaxMetaspaceSize=512m -Djava.net.preferIPv4Stack=true
            -Djboss.modules.system.pkgs=org.jboss.byteman
            -Djava.awt.headless=true
        resources:
          limits:
            memory: "3072Mi"
            cpu: "1"
          requests:
            cpu: "100m"
            memory: "1024Mi"
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080